HackerTrans
TopNewTrendsCommentsPastAskShowJobs

etenal

13 karmajoined 3 anni fa

Submissions

We won $92,337 bug bounty using a single kernel 0-day

nebusec.ai
22 points·by etenal·3 giorni fa·6 comments

Tell HN: A new Nginx 0-day just dropped

11 points·by etenal·22 giorni fa·2 comments

comments

etenal
·3 giorni fa·discuss
Read our technical walkthrough here to see how we won almost $10k bug bounty from a single Linux kernel 0-day -- GhostLock.

Chaining GhostLock with a Firefox 0-day, we managed to remote control any Android device (even the latest Android 17) from a simple URL click. We name this full-chain exploit "IonStack", because it's IonMonkey 0-day in Firefox and a StackOverflow in Linux kernel.

Our blog post -> https://nebusec.ai/research/ionstack-part-2/

Exploit Github -> https://github.com/NebuSec/CyberMeowfia